Cyber Security Headlines – June 25, 2021

Dell bug puts 30 million PCs at risk

Security researchers at Eclypsium disclosed four major security vulnerabilities in the BIOSConnect feature of Dell SupportAssist, opening the door to remote code execution within the BIOS. BIOSConnect is a utility that provides remote firmware update and OS recovery features, with the issue impacting 129 Dell models of consumer and business laptops, desktops, and tablets. The vulnerability effectively allows attackers to impersonate Dell.com and take control of the target device’s boot process to break OS-level security controls. The researchers recommend updating the BIOS to resolve the issue, although not by using BIOSConnect, or disabling BIOSConnect if updating isn’t possible.

(Bleeping Computer)

Irish health services still feel the impact of ransomware

Ireland’s Health Service Executive disclosed it fell victim to a “significant” ransomware attack on May 14th, attributed to the Conti ransomware operation. While the operators provided a decryption key to the HSE, they threatened to release exfiltrated files if not paid a $20 million ransom. Even with the decryption key, however, hospitals in the country are still not back to full network services, often with limited IT services and no internet access. Part of the issue is that the hospital system needs to make sure the malware is fully removed from its domain, although the decryption itself is taking significant time as well. This has left hospitals with overwhelmed emergency services and operations like X-rays cancelled for the time being. HSE CEO Paul Reid said it will take months for the system to fully recover.

(ZDNet)

Google delays third-party cookie ban

Google delayed its plan to block third-party cookies in Chrome until late 2023, saying the delay will give “sufficient time for public discussion on the right solutions and for publishers and the advertising industry to migrate their services.” Google argues that the delay will give content platforms time to adjust their business models, and that rushing to deprecate cookies would push some publishers to use sneakier tracking methods. The company had originally announced it would phase out third-party cookies by 2022 as part of its Privacy Sandbox initiative. 

(CNET)

House committee advances tech antitrust bill package

The House Judiciary Committee approved a six-bill package that, if passed, would have far-reaching implications for large tech platforms. The committee narrowly approved the American Choice and Innovation Online Act in the package, which would make it illegal for tech platforms to give preference to their own services. The package also includes bills to mandate data portability based on FTC-mandated standards, and two bills to raise the cost and antitrust scrutiny a company must meet to acquire startups. Whether even parts of the package will pass is an open question: while the vote to approve it was bipartisan, the White House has not completely approved the package, and there is no guarantee it will be approved in the House before going on to the more contentious Senate.

(WSJ)

Is somebody pirating REvil ransomware?

Secureworks issued a report on Wednesday indicating it has identified a ransomware strain, which it has named LV, infecting Windows machines with malicious binaries that are strikingly similar to the infamous REvil ransomware code. The criminals, who have been code-named Gold Northfield, are deploying a lightly tweaked version of REvil’s binary that, instead of using the standard REvil backend payment systems, links to several Tor-based ransom payment engines and two websites where the criminals threaten to publish exfiltrated data. The researchers have come to the conclusion that LV is most likely a pirated version of REvil’s beta code.

(The Register)

Windows 11 will have Android apps

As part of Microsoft’s Windows 11 announcement, the company said the forthcoming OS will run Android apps, which will be included in the Windows Start Menu and other UI elements like other apps. These will be integrated into the OS using “Intel bridge technology” to make the apps run “seamless and smooth.” Apps will appear in the Microsoft Store and will also be installed through Amazon’s app store. Microsoft will release Windows 11 by the end of 2020 as a free upgrade from Windows 10.

(Engadget)

Google secures link policies for YouTube and Google Drive

Google is changing the behavior of older shared links on YouTube and Google Drive. On YouTube, videos uploaded prior to 2017 and set to Unlisted will be changed to Private as of July 23rd, although accounts can opt out of the change. As of September 13th, Google Drive will include a resource key to access cloud-stored files, requiring users who haven’t previously viewed the file while logged into a Google account to request access, although accounts can opt out of the change as well.

(The Verge)

FBI seizes domains tied to Iranian disinformation

As part of enforcement action taken by the Federal Bureau of Investigation and the U.S. Department of Commerce’s Bureau of Industry and Security, the U.S. seized more than 30 sites operated by Iranian government-run PressTV and social media channels affiliated with Iran-backed militias in Iraq. The seizure notice cited both civil and criminal forfeiture laws and the International Emergency Economic Powers Act, which grants the U.S. president the power to regulate international commerce in response to threats to U.S. security.

(WSJ)


Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.